Nowadays, the blockchain market as a whole is in its infancy, and the decentralized finance (DeFi) market is its most promising part. According to DefiLlama data, in 2021, the DeFi market had around $200 billion of liquidity locked in smart contracts. If we view this capital as an initial investment, this market looks like a highly promising venture. Not too many global companies can boast of such a capitalization. But any young market has its teething problems. With DeFi, the main issue is a lack of qualified blockchain developers.
This industry is very young and has a relatively small user base. Most people have at best heard about DeFi without having any idea about what it is. But as it happens with every new promising venture, it quickly creates a lot of speculative interest. Unfortunately, preparing personnel takes much longer, especially when it comes to such knowledge-intense spheres as blockchain and smart contract development. This means that some project teams will have to compromise and hire less experienced personnel.
This problem inevitably creates a growing risk of security loopholes in the code of these projects. And then we have to deal with its consequences in lost user capital. For just a brief understanding of how big this problem is, I can say that about 10% of DeFi’s total liquidity locked has been stolen by hackers. It should not surprise anyone that the mainstream public would prefer to stay away from a financial system that poses such dangers to their funds.
In doing them, they use multiple protocols to borrow and drag liquidity through until the final act where they amplify the price of a token through oracles or liquidity pools and use it to swindle a pump-and-dump and be gone with liquidity in an array of some major different cryptocurrencies such as Ether (ETH), Wrapped Bitcoin (wBTC) and others. Some famous flash loan attacks include the Pancake Bunny attack, where the protocol lost $200 million, and another Cream Finance attack, in which over $100 million was stolen.
How to defend against DeFi exploits?
To build a secure DeFi protocol, ideally, you should only trust experienced blockchain developers. They should have a professional team lead with skill in building decentralized applications. It is also wise to remember to use safe code libraries for development. Sometimes, the less up-to-date libraries can be the safest option than the ones with the newest code bases.
Testing is another crucial thing all serious DeFi projects must do. As a CEO of a smart contract audit company, I always try to cover 100% of our clients’ code and stress the importance of decentralized protection of the private keys used to call functions of smart contracts with restricted access. It is best to use decentralization of the public key through a multisignature that prevents one entity from having full control over the contract.
In the end, education is one of the keys that will allow blockchain-based financial systems to become more secure and reliable. And education should be one of the key concerns of those looking for employment in DeFi because it can offer mouthwatering rewards to all who can make a viable contribution.
This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Dmitry Mishunin is the founder and CEO of DeFi security and analytics company HashEx and has long-standing expertise in the field of blockchain security. He has devoted a lot of time to scientific activities, such as research into IT systems, blockchain, and vulnerabilities in DeFi. Under Dmitry’s management, HashEx has become one of the leaders in the field of smart contract audits.